I was wondering if there was a tool (POSIX compatible) that let you see how many computers were using a particular Starbucks WIFI network and which could also show if you one or two of them were consuming an usually high amount of bandwidth (e.g. via bittorrent or something).

I think you could get by with a wifi traffic sniffer. You'd need to figure out a good way to manage all the data, but you could use said data to establish a picture of what normal traffic versus otherwise looks like.
–
DocJul 6 '11 at 15:58

4 Answers
4

I manage what is probably the largest open, public, wifi network in a 50 mile radius. Of course, it's rural Nebraska so that isn't really saying much, but we have 60+ access points spread over 18 buildings.

I say all that because I know from experience that if, as your comment indicates, you're looking for a way that Starbucks could spot anti-social users, the way to do this is not with an app on a client. Rather, you want to do this upstream from the access point, or even on the access point itself. We use a product called Untangle, which has the ability to detect bittorrent and other high-volume traffic and force those connections in a reduced bandwidth mode. Stopping p2p traffic entirely is a nearly impossible task, but you can slow it enough to keep it from degrading the experience for everyone.

Most smaller chains just stick something like a customized tomato or dd-wrt on a $60 consumer router and ship it out to each location with little to no support. There's really just not much there to work with. Starbucks itself might do something a little nicer, like use an enterprise grade access point ($600 and up) with centralized monitoring, but that's almost worse: those watching the screen have to account for hundreds of access points, rather than just a few.

You could use WireShark to see this to a first approximation. See the Statistics menu, specifically the "Conversations" and "Endpoints" windows you can open from there.

Unfortunately because wireless allows so many different signaling data rates from 1 to 450 mbps, looking at just the bytes sent and received can be misleading. Imagine if you monitored for one minute and saw one client move 45 megabits, and another client move 6750 megabits (almost 7 gigabits). Which one used more bandwidth? You don't know unless you look at the signaling rates at which those clients were operating. If the client that moved 45 megabits was operating at the 1mbps signaling rate, it took up 45 seconds of that one-minute period. If the client that moved 6 gigabits was using the 450mbps signaling rate, it took up only 15 seconds of that one-minute period. So the guy that moved just 45 megabits is the big airtime hog, and the guy that moved 6 gigabits was sharing pretty well. [This example is drastically simplified because it doesn't take protocol overhead and retransmissions into account, but the point stands.]

I'm not aware of an 802.11 analyzer that lets you graph usage by airtime, which is a shame.